On Thu, 4 Feb 2010, john at netdirect.ca wrote:
>kwlug-disc-bounces at kwlug.org wrote on 02/04/2010 09:49:39 AM:
> >
> > I'm not Windows-bashing. Yes, there is a standard mechanism for
> > updating the OS and certain MS products. However, I vastly prefer
> > the .deb repository method. As Lori pointed out, as long as I
> > stick to software from the repository, _all_ of the software on
> > the system can be
>> > updated with two easy steps.
> >
> > With Windows, each time I install an application, I'm forced to
> > think about how I will get security updates. Do I have to check
> > the developer's website periodically? Maybe they have an RSS
> > feed? It is certainly getting better with many of the larger
> > software producers adding in auto-update functionality, but I've
> > found that the quality and
>> > ease of use of these features are pretty hit and miss.
>> And multiple update mechanisms mean many more chances for something to go
> wrong. Which means multiple things to learn, monitor and fix.
that's the way i see it. with my red hat/fedora systems, i trust in
"yum" for official packages. if i need to download source, and
configure/make/install, it goes into /usr/local. if that doesn't
cover the situation, then something is seriously atypical and i'm
going to be especially wary.
rday
p.s. for people unused to the intricacies of yum/rpm, you can examine
the pre/post install/uninstall scripts of a package with, say:
$ rpm -q --scripts util-linux-ng
postinstall scriptlet (using /bin/sh):
/sbin/install-info /usr/share/info/ipc.info /usr/share/info/dir || :
# only for minimal buildroots without /var/log
[ -d /var/log ] || /bin/mkdir -p /var/log
/bin/touch /var/log/lastlog
/bin/chown root:root /var/log/lastlog
/bin/chmod 0644 /var/log/lastlog
# Fix the file context, do not use restorecon
if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then
SECXT=$( /usr/sbin/matchpathcon -n /var/log/lastlog 2> /dev/null )
if [ -n "$SECXT" ]; then
# Selinux enabled, but without policy? It's true for buildroots
# without selinux stuff on host machine with enabled selinux.
# We don't want to use any RPM dependence on selinux policy for
# matchpathcon(2). SELinux policy should be optional.
/usr/bin/chcon "$SECXT" /var/log/lastlog >/dev/null 2>&1 || :
fi
fi
preuninstall scriptlet (using /bin/sh):
if [ "$1" = 0 ]; then
/sbin/install-info --del /usr/share/info/ipc.info /usr/share/info/dir || :
fi
exit 0
i've sometimes found it invaluable to read what a package is
executing on install or removal.
========================================================================
Robert P. J. Day Waterloo, Ontario, CANADA
Linux Consulting, Training and Kernel Pedantry.
Web page: http://crashcourse.ca
Twitter: http://twitter.com/rpjday
========================================================================